Menu Close

Defunct Business Reaches $100,000 HIPAA Settlement

Posted in HIPAA and the HITECH Act, Litigation, Privacy and Data Protection

On February 13, the U.S. Department of Health and Human Services (HHS) announced a $100,000 settlement with the court-appointed receiver of FileFax Inc., a defunct medical records storage, maintenance, and delivery services company, to settle alleged violations of HIPAA’s Privacy Rule. Medical records of 2,150 patients had been left unsecured either in an unlocked truck or a dumpster outside FileFax’s facility in Northbrook, Illinois, and were later discovered by an informant at a shredding and recycling facility.FileFax went out of business during the investigation of the incident by HHS’s Office for Civil Rights, but the receiver agreed to the settlement and a corrective action plan (Appendix A here) on the company’s behalf. Under the plan, the receiver will be required to properly store and dispose of the remaining medical records found at Filefax’s facility in compliance with HIPAA.

Leave a Reply

Your email address will not be published. Required fields are marked *